This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.

Difference between revisions of "Talk:Guide to Authentication"

From OWASP
(New page: "When used in a single factor authentication method (for example, just a thumbprint with no username or password), biometrics are the weakest form of authentication available and are unsui...)
 
(Comment on Threshold Governor section)
 
Line 3: Line 3:
  
 
So I am removing that sentence. There are much worse implementations of single factor authentication.
 
So I am removing that sentence. There are much worse implementations of single factor authentication.
 +
---------------------------------------------
 +
 +
I don't know if this is strictly true:
 +
"    *  Password change**
 +
    * Password resets**
 +
 +
(**Low value systems only - Most medium and all high value systems should not be using passwords, and thus do not possess password reset capabilities) "
 +
 +
Perhaps it should read "Most medium and all high value systems should use more than one factor of authentication and should not rely exclusively on passwords."
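Review bot: the quotation of the Guide's bullets in the added comment is hard to read as pasted: the opening quote mark sits before a run of spaces and a lone bullet, the two items are indented differently, and the `**` footnote markers are separated from their footnote by blank lines. Quote the Guide text as one indented block, e.g. `* Password change**` / `* Password resets**` / `(**Low value systems only - ...)`, so the footnote visibly belongs to the list items it qualifies.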

Latest revision as of 20:44, 2 December 2009

"When used in a single factor authentication method (for example, just a thumbprint with no username or password), biometrics are the weakest form of authentication available and are unsuitable for even moderate risk applications." Biometrics is still a better single factor auth method than having a username/password based one which doesn't enforce password complexity or account lockout.

So I am removing that sentence. There are much worse implementations of single factor authentication.


I don't know if this is strictly true:

"* Password change**
* Password resets**

(**Low value systems only - Most medium and all high value systems should not be using passwords, and thus do not possess password reset capabilities)"

Perhaps it should read "Most medium and all high value systems should use more than one factor of authentication and should not rely exclusively on passwords."